Hewlett Packard Enterprise is investigating claims of a new source code breach after a threat actor said they stole documents from the company’s developer environments.

The company has told BleepingComputer that it hasn’t found any evidence of a security breach, but it is investigating the threat actor’s claims.

“HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE,” spokesperson Clare Loxley told BleepingComputer.

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved.”

IntelBroker, who announced the sale of information allegedly stolen from HPE’s networks, claims they had access to the company’s API, WePay, and (private and public) GitHub repositories for at least two days and stole certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, had this to say:

“It looks like HPE took all the appropriate steps. It would be great to know if a breach did occur and, if so, how? As long as HPE disabled the older, possible logon credentials (as they say they did), then the remaining threat comes from the possibly stolen source code. Theoretically, an attacker with the source code can more easily find vulnerabilities and exploit them (or sell those vulnerability findings and/or exploits). Although in practice I’m not aware of an exploit that occurs because of stolen source code. Maybe it’s happened (and I don’t know about it), but the real-world threat from stolen source code doesn’t seem to match the fear. Still, if there was stolen source code and you had a dedicated adversary that was appropriately motivated, having your source code out there is something no development vendor wants. But to me the bigger risk is from unauthorized access to the stolen objects…did it occur, and if so, how did it occur, and what steps have been taken to prevent it from occurring in the future?” 

Hopefully HPE is able to confirm whether they were pwned or not, and if they were, they need to tell the public what they are going to do to stop this from happening again. Enterprises need to know that HPE has everything under control. So the more transparent HPE can be, the better for them.
